The Equifax Data Breach: What to Do

Share This Page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, www.equifaxsecurity2017.com. (This link takes you away from our site. Equifaxsecurity2017.com is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting annualcreditreport.com. Accounts or activity that you don’t recognize could indicate identity theft. Visit IdentityTheft.gov to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit Identitytheft.gov/databreach to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.

 

 

Comments

did that but the address it said to log into isn't working. Was it faq. trustedidpremier. com?

To find out if your information was exposed you can go to Equifax’s website, www.equifaxsecurity2017.com. This link takes you away from our site. Equifaxsecurity2017.com is not controlled by the FTC.

Nothing happens for me when I enter last name & partial SS#, as well. Nothing else appears on that page.

I've been waiting a week for the promised email; not much confidence in Equifax...

I went through the whole process of signing up and it said I would get an email to complete the process. I just got an email today that made me go through the first process all over again. Now I'm afraid the 2nd time was a hacker. I don't know why I would have to enter everything all over again.

Did not receive an enrollment date which is supposed to arrive by email. Equifax says they're swamped and they have no idea when an enrollment date will be issued. According to Wendell, the email most likely will appear in your spam or junk folder.

By change do you know if you can enroll after the date they give you? I just tried to enroll and the instructions say that I will received an email from them. That has never happened and to contact someone is nearly impossible. Any suggestions?

Sam is correct. I have notified my credit union of this goof by Equifax.

You have to make sure all the required fields are filled out, and have a green checkmark, or it won't let you continue.

These sites always reject my email address. So tired of this I know my email address. They are asking for info then reject what you enter.

same thing here and all day unable to contnue

when you sign into Equifaxes website you are waiving your right to sue them in the event of a class action lawsuit against their disgusting gross negligence of IT Security.

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

Are answers on a FAQ website page sufficient to override a binding agreement, when that specifically states it constitutes the agreement in full?

First off, let's be clear ... the FTC and other agencies had a responsibility to insure that companies with access to our information were using due diligence in protecting that data. Equifax did not take such measures and their negligence led to this fiasco. FTC, long asleep on the issue of security, cannot wave their collective hands and say it was not in part their responsibility. But, they will do just that.

Secondly, this is beyond a yearly concern. This is your data, your personal data, and if a hacker has it then they will have it forever. There's a lot of heat now on this, but all the hacker has to do is wait a year and then start using and selling the information. You cannot change your information... name, social security information, birthday and so on.

Third, it is not only credit history that is imperiled. Your whole identity is up for grabs, including things such as medical ID fraud, tax fraud, and even someone becoming you by using your identity.

Fourth, Equifax is a fraud and here's why. Go to the site listed above and try to verify that your history has been affected. It might say that it "may" have been affected. The operative word is "may" Does that satisfy or were you expecting a direct, unequivocal yes or no answer. Now type in a last name, any last name will do, and any series of 6 numbers. Look at what they return ... the site might say that you may have been affected or it may say that you were not affected. Now remember, there is no such person as the one you just entered with the random numbers you chose. So, the information returned is bogus dross and tells you nothing including if the return generated from your valid information is correct. But, it just might drive you to panic and sign up with their wing-ding-bee’s knees credit protection scheme.

Lastly, Equifax has not stated what was released; if your information was released at all. To wit from their site, "The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers." Again, please focus on the legalese and wishy-washy terminology. The operative word in the sentence is "primarily" which Easy Law defines in legal terms as, "In a primary manner; in the first place; in the first place; in the first intention; originally." Another words, it mostly is what follows, but the list of impacts shown might only be a partial listing. If the company was really serious about keeping you informed they would state, "The information released included ONLY the following ..." Period. Full stop! Not primarily!

Equifax will monetize this fiasco by getting folks on board their credit protection schemes and then, at the end of the year, will beseech them to continue for $xx.xx per month - because, of course, the threat is still out there. And, when millions out of justified fear sign up to pay then they will profit handsomely. Scam come to mind? What a game it is!

all very valid points, additionally I would imagine all three credit reporting companies have the same data AND with such a massive leak of information (70% of all american over 18 years of age) the other services may as well close shop, they were in control of protected information that is no longer protected...

very well put. Everyone's blood should be boiling about this, but the hurricane took this story off the front page much to Equifax's relief no doubt.

To put a credit freeze on, you must provide each of the three credit info aggregators, 5 -10 dollars each. Do the math, if only 2/3s of the effected class take this preventative measure, and I believe everyone should, then this represents a .5 - 1 billion dollar windfall for the credit agencies for fixing a problem their lack of due diligence created! You break my window. I pay you 10 dollars.

They should have put credit freezes on all accounts immediately on discovering the scope of the breach, themselves, for free and then compensated all people who were effected by such freezes for their troubles. They shouldn't be doing this now for a charge! Where's our lovely Congress and FTC? Busy gutting the CFPB no doubt.
Come on Republicans-you are our protectors! Step up!

The media should stop referring the people as "customers" of the credit agencies. We are not and most of us had our information collected unwillingly and without our permission, with no oversight and no discernible warrantees of its safety. This is what de-regulation of the private sector leads to.

Come on sheeple! Rise up!

Generally, not always, GOP cares about the "rights" of the wealthy & corporations, not anyone else.

Even so, if everyone who's upset about this hammered on their member of Congress (in the Senate and House) for the next 6 months, say one call or e-mail/week, invite friends and family to participate, use twitter, whatever other social media you use to keep talking about this issue) then there might be some action.

otherwise, as already said, it's just business as usual in the US. The FTC can't do anything if it has no legislation or regulations that AUTHORIZE to act. Same w/HIPAA, the legislation itself contains almost no penalties for violating HIPAA. Unless a state has statutes regarding monetary or other penalities for violating privacy, or disclosure of confidential documents/information that includes health care providers, there is nothing in place. For example, there is NO federal legislation that enables an individual to sue any entity that does what Equifax, and Anthem, and TJ Maxx, and and and have done AND that if the individual proves he/she suffered losses/injuries, etc. requires the corporation or other entity to PAY that individual's attorney fees and costs. Also known as a fee-shifting provision. That would make it possible for many people who cannot afford to sue, to do so, if they suffered a loss due to identity theft, etc. That would be one way to "enforce" privacy legislation or laws.
Instead, there is no agency that can actually impose hefty fines, etc. I think some of the state AG's offices may end up suing, i.e,. class actions. That takes a long time, the usual result seems to be a money settlement with the corporation admitting no wrongdoing. And no requirement that the corporation undergo inspection (i.e., hackers trying to hack into their system) to demonstrate that the corporation or other entity has improved its security.

But nothing to stop people from telling their Congresspeople, over and over and over and over again, demonstrating, etc. that that's the kind of legislation they want. And campaigning against their Congressperson at the next election for NOT doing it, since few will.

"Come on Republicans-you are our protectors! "

LOL. Republican lawmakers only care about their own bank accounts. If you want regulation or oversight Democrats are your friends.

indeed. you caught my drift. The darling GOP has been pushing their relentless message for years. "Beware of Big Government!" "Let's get govt so small we can drown it in a bathtub!" Well, Equifax is the logical outcome of their drive to get the governments paws off the cuddly lovable little corporations. Don't trust government? Vote them out! (that is if its still possible in your local GOP gerrymandered district). Don't trust Equifax or its corporate kin? Well you certainly can't vote them out. They are essentially unaccountable behemoths under our wonderful GOP protectors!

Should read "lawmakers only care about their own bank accounts", but nice try.

Both parties are bought and paid for

uhm, neither of them care, unless it furthers their interests.

The incentives for lawyers to file class action lawsuits are so huge that Equifax will receive plenty of grief. No need to involve the government with everything. You really think the government is more competent or trustworthy?

Breach happened May - July. Why didn't we know in August, timing is everything,and what better time then when everyone is down with hurricanes, flooding and fires - hmmm?

Re: credit freeze:
if these companies want 5-10 bucks for freezing my info that they have collected about me over the years, then I would send them directly to Equifax for collection of said "freezing fees", as it is truly not my fault that I am in this predicament, and of course, if there are resulting damages caused by this breach of security, then I'll definitely sue the heck out of this company.

I also agree with some previous posts regarding enrolling in "TrustedID Premier": why would I trust in a company which has just proven their lack of trustworthiness?

Transunion will do a security freeze at no charge (over the phone anyway). I've been meaning to do this for some time and this mess with Equifax just pushed me to do it quicker.

Transunion told me 19.99.a month.

Cost of freeze depends on your state laws.

What if you have already signed up with"trustedidpremier" what can you do?

I am with you 100%, Mike, on your statement that all three entities should have immediately frozen ALL accounts immediately!! It's OUTRAGEOUS that we citizens should have to PAY to freeze our accounts, never mind that as of 9-13-17, one cannot gain access to the freeze request at any of the three sites...Now I believe everyone should have to OPT IN to these credit bureaus instead of automatically being opted in, and having absolutely no means of REMOVING one's data entirely (then selectively granting/providing access as one chooses)!

Please - good info is needed. The first time you freeze your credit in a "security freeze" it is free of charge. Subsequent unfreezes and freezes carry a charge. But, if a person doesn't plan to use credit in the future, i.e., borrow money to buy a house, car, etc., then why not freeze your credit? The credit agencies won't make money off selling your info to any company asking for it - so that's a good thing. No new accounts will be allowed to open with your info - that's a good thing too. Collection agencies can't damage your frozen credit either - so that's good. All the credit you have, like your current credit cards and mortgage and other loans will not be affected and you'll go on like nothing ever happened. So that's why I did it and I'm very happy about it. These nimrods that sell your info and all the credit scammers don't like this at all. That's great. For instructions about doing what I did, google Colorado.gov credit freeze and search for the simple instructions to ease your mind a great deal in the future. Take control.
That's a good thing too.

Kevin - It isn't always free to put a credit freeze on your credit report. If you're a victim of identity theft and provide the documents to prove the theft to the credit reporting, the freeze will be free.

If your information has been lost or exposed in a data breach, you can choose to place a freeze. A credit freeze makes it harder for someone to open a new account in your name, but won’t stop a thief from making charges to your existing accounts.

Yes they can make charged to your card account, when I spoke with one card company the have 24/7 monitoring, alerts for put of country attempts, limit on atm. I did a small 500.00 alert, you get the notice, if it is you, you don't need to reply. If it's not you, tes pond to the alert. They can scan your social for all activity.

Yes they can make charged to your card account, when I spoke with one card company the have 24/7 monitoring, alerts for put of country attempts, limit on atm. I did a small 500.00 alert, you get the notice, if it is you, you don't need to reply. If it's not you, tes pond to the alert. They can scan your social for all activity.

Actually, Equifax is waiving fees for placing a credit freeze on your credit report. I did have to pay $10 to Transunion and Experian (allowable in Michigan), but I did not have to pay anything to Equifax.

Check your local state laws. In Indiana they cannot charge you for a credit freeze or temporarily lifting the freeze or any other activity with the credit freeze. Check your state laws. It didn't matter because online you get a 500 error with them.

That was an eloquent way to state exactly what I thought when I saw that pop up...

....or it's a legitimate data breach and you're just reading into it too much. All companies have offered identity theft protection after such breaches. This will not be the last data breach so just roll with it. Get the data monitoring service, continue, check your free credit reports from all 3 services on a rotating quarterly basis, and make sure you've activated alerts for existing account changes. When I entered my information it said I was compromised, no equivocation.

I agree, but I did have that thought about the money they will make for their Identity monitoring services. You are correct, several years ago when there was a huge data breach at the Federal Governments archives, my personal data was compromised and the federal government provided two years of identity monitoring. It might just change the way they use and store this type of data, hopefully sooner rather than later for Transunion, Experian, and Equifax

The problem is your information is still going to be out there after their free 'monitoring'. Nothing can undo this. We can only hope we don't get unlucky.

This is a catastrophic breach of information. The sheer magnitude of people affected and the scope of information: SSN, DOB, addresses, drivers licenses, some credit cards, and any other data that they collect. This is not a Target or yahoo breach. It is an issue of national security and NSA is also involved. Consider password resets at nuclear power plants. How do you determine the true identify of people. I froze my credit at the 4 bureaus and will unlock temporarily, if needed. This is not just another breach and "roll with it".

I would like to get the identity theft protection. My problem is I am poor living with epilepsy. I have a decent income with SSI for the rest of my life. I have great credit cards using them like a prepay card. Have not paid interest on one in 28 years. I am in the process of a refinance on my house. I am limited to what I will spend. then about a week ago I had a call. It was a scam. The man asked to speak to __ That was me I just listened to what he was saying. He asked __/___/___ is this your birthday. I stayed quite He then asked ___-__-____ is this your ssi # I said you called the wrong # and hung up. Where did he get this info from?

Identity Services Provider
The U.S. Social Security Administration uses an external data source, or what we refer to as an “Identity Services Provider,” to help us verify the identity of our online customers and to prevent fraudulent access to our customers’ sensitive personal information. Equifax is the Identity Services Provider that provides identity verification services to the Social Security Administration. For more information, please visit www. Equifax. com, (Disclaimer).

So....the SSA uses Equifax as it's designated Identity Services Provider?? Well, that's just great for all of us retirees or soon to be retirees! The thieves really did their homework well apparently! Every time you use the SSA's online services they may launch what the SSA calls a "soft inquiry" to Equifax. That's just great!

I spoke to SSA last week and they told me Experian is the one they use. This is after I could not register my wife with a web portal to SSA. SSA could not verify my wifes info therefore no registration. Key point is not who but the fact that freezing all credit bureau stops anyone registering on line with the SSA. Don't forget there are 4 bureaus including Innovis.

Clear, precise and precisely the issue and the result! The incompetence of Equifax and the FTC in this matter is mind blowing!

Mine came up as a no. I had not been breached

You are right on the money. There was something very fishy about this whole thing from the beginning. The "breach" is very similar to the Target breach and other breaches that have taken place over a period of time, yet no one seemed too alarmed by those breaches. Now, a breach of Equfax (the name, note the name) and everyone loses their mind. Could it also be an experiment to see which company names that are used in a "breach" invoke the most responae from the public. Lastly, who are the hackers? Could they not be from the very corporate USA?

If our information is floating around now, how will they recover it? I assume that information, my personal data, has been copied and sold over and over between May and now. How do we get compensated for their failure? My credit may not be affected now but who will protect me in the coming days?

Or years

Pages

Leave a Comment

Comment Policy